
Admin


Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

Reading time: 6 min
Views: 92K

This is a full disclosure of a recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. The described vulnerability allows an attacker to gain root shell access and full control of the device. The full disclosure format for this report has been chosen due to a lack of trust in the vendor. Proof of concept code is presented below.
Total votes 19: ↑18 and ↓1 (+17)
Comments: 15

Introducing One Ring — an open-source pipeline for all your Spark applications

Reading time: 23 min
Views: 1.4K

If you utilize Apache Spark, you probably have a few applications that consume some data from external sources and produce some intermediate result, that is about to be consumed by some applications further down the processing chain, and so on until you get a final result.


We suspect that because we have a similar pipeline with lots of processes like this one:


A process flowchart with more than 50 applications and about 70 datasets


Each rectangle is a Spark application with its own set of execution parameters, and each arrow is an equally parametrized dataset (externally stored ones are highlighted with a color; note the number of intermediate ones). This example is not the most complex of our processes; it’s a fairly simple one. And we don’t assemble such workflows manually; we generate them from Process Templates (outlined as groups on this flowchart).


So here comes the One Ring, a Spark pipelining framework with very robust configuration abilities, which makes it easier to compose and execute a most complex Process as a single large Spark job.


And we just made it open source. Perhaps, you’re interested in the details.

We got you covered!
Total votes 9: ↑8 and ↓1 (+7)
Comments: 0

Blockchain Is Changing The Way Rail Industry Works

Reading time: 3 min
Views: 3.6K

Railways have made our transportation very easy since 1830, when the first railway began in England. From 1830 to 2020, the development of the railways has been quite significant. The concept of blockchain is expanding widely; hence public interest is also growing on a vast scale. The major blockchain enthusiasts are the investors and businessmen who wish for transparency and equity in transactions. Now that blockchain is no longer just a concept, its application in railways is expected to smooth transportation.
Total votes 3: ↑2 and ↓1 (+1)
Comments: 0

Hyper-V for Developers on Windows 10

Reading time: 6 min
Views: 5.9K
Hyper-V is more known as a server virtualization technology; however, since Windows 8, it is also available in the client operating system. In Windows 10, Microsoft improved the experience drastically to make Hyper-V an excellent solution for developers and IT Pros.
 
Microsoft Hyper-V, codenamed Viridian, is a native (type 1) hypervisor that directly runs on the hardware, compared to VMware Workstation, VirtualBox, and other type 2 or hosted hypervisors. It was first released in Windows Server 2008, and it allows you to run virtual machines on x86-64 systems.

As mentioned, with Windows 10, Microsoft optimized Hyper-V for developers. Hyper-V allows developers to quickly spin up development virtual machines on Windows 10 with excellent performance, but it is also used in a couple of other development features as a back-end technology, like the Android Emulator, the Windows Subsystem for Linux 2 or Docker Containers. In this article, we will have a quick look at what Hyper-V on Windows 10 can offer developers.
Total votes 5: ↑5 and ↓0 (+5)
Comments: 0

Announcing the preview of Azure Spot Virtual Machines

Reading time: 4 min
Views: 1.1K
We’re announcing the preview of Azure Spot Virtual Machines. Azure Spot Virtual Machines provide access to unused Azure compute capacity at deep discounts. Spot pricing is available on single Virtual Machines in addition to Virtual Machine Scale Sets (VMSS). This enables you to deploy a broader variety of workloads on Azure while enjoying access to discounted pricing. Spot Virtual Machines offer the same characteristics as pay-as-you-go Virtual Machines, with differences in pricing and evictions. Spot Virtual Machines can be evicted anytime if Azure needs capacity.

The workloads that are ideally suited to run on Spot Virtual Machines include, but are not necessarily limited to, the following:

  • Batch jobs.
  • Workloads that can sustain and/or recover from interruptions.
  • Development and test.
  • Stateless applications that can use Spot Virtual Machines to scale out, opportunistically saving cost.
  • Short-lived jobs which can easily be run again if the Virtual Machine is evicted.

Total votes 2: ↑2 and ↓0 (+2)
Comments: 0

Chronicle of Rambler Group and Nginx confrontation (updated on 23 Dec, 12 p.m.)

Reading time: 3 min
Views: 6.4K


On December 12, it became known from an Nginx employee's Twitter that the company's office was searched due to the criminal case under Article 146 of the Criminal Code of the Russian Federation 'Violation of Author's and Neighboring Rights'. The claim belongs to Rambler Group, although formally the complainant is Lynwood Investments CY Ltd, to which the rights were transferred. The latter is related to the co-owner of Rambler Group, Alexander Mamut.

The point of the claim: Igor started working on Nginx as an employee of Rambler and only after the tool became popular he founded a separate company and attracted investments.

Here is how the events unfolded.
Total votes 20: ↑20 and ↓0 (+20)
Comments: 1

Deploying Tarantool Cartridge applications with zero effort (Part 1)

Reading time: 8 min
Views: 1.9K


We have already presented Tarantool Cartridge, which allows you to develop and pack distributed applications. Now let's learn how to deploy and control these applications. No panic, it's all under control! We have brought together all the best practices of working with Tarantool Cartridge and written an Ansible role, which will deploy the package to servers, start and join instances into replica sets, configure authorization, bootstrap vshard, enable automatic failover and patch cluster configuration.

Interesting, huh? Dive in, check details under the cut.
Total votes 29: ↑29 and ↓0 (+29)
Comments: 0

Holographic Principle, new type gyroscope, information without light speed limit, teleportation of physical objects…

Reading time: 57 min
Views: 12K
Warning

First, all the objects and theories described in this article have the status of hypothetical at the moment. That is, the holographic hypothesis and string theories have not been experimentally confirmed many.

Second, a fundamentally new type of mechanical gyroscope with six degrees of freedom is proposed for experimental verification (base) of hypotheses. Of the two and three degrees of freedom mechanical gyroscopes known to science, this is the last of the possible types with the maximum number of degrees of freedom in the holonomic system (GYRO_6DoF).

Third, with the advent of the experimental base — the tops of the physical pyramid, string theories, and the holographic hypothesis, which is actually the foundation of the future Theory of Everything, are temporarily removed from criticism until the moment of practical implementation of the experiment and measurements.


Abstract

Even people far from physics know that the maximum possible data transmission rate of any signal is equal to the speed of light in a vacuum. It is denoted by the letter «c», and this is about 300 thousand kilometers per second. The speed of light in a vacuum is one of the fundamental physical constants. The impossibility of achieving speeds exceeding the speed of light in three-dimensional space is a deduction from Einstein's Special Theory of Relativity (SRT). Usually, when it is argued that SRT prohibits the transmission of the information above the speed of light, an implicit assumption is made that there is no other way other than to «bind information» to a photon and transmit it. However, there is another way. The well-known physical hypothesis — the Holographic Principle (a modern and widely used tool in theoretical physics) points to an interesting phenomenon: “Phenomena taking place in three-dimensional space can be projected onto a remote screen without losing information” — Leonard Susskind, “The World as a Hologram” [p. 3].

Total votes 34: ↑4 and ↓30 (-26)
Comments: 127

Nginx's office is being searched due to Rambler Group's lawsuit. The complainant press service confirmed the suit

Reading time: 5 min
Views: 17K
According to one of the employees, Nginx's Moscow office is being searched due to the criminal case brought by Rambler Group (the official response of the company's press office to this issue and confirmation of claims against Nginx is below). The photo of the search warrant is provided as evidence of the criminal case initiated on December 4, 2019 under Article 146 of the Criminal Code of the Russian Federation 'Violation of Author's and Neighboring Rights'.

Nginx search warrant


It is assumed the complainant is Rambler, and the defendant is still an 'unidentified group of persons', and in the long run — the founder of Nginx, Igor Sysoyev.

The point of the claim: Igor started working on Nginx as an employee of Rambler and only after the tool became popular he founded a separate company and attracted investments.

It is not clear why Rambler revised its 'property' only 15 years later.
Total votes 78: ↑78 and ↓0 (+78)
Comments: 4

Learn Azure in a Month of Lunches — our new free e-book

Reading time: 1 min
Views: 1.3K
More than 100 Azure services offer everything you need to build and run your applications with all the performance, redundancy, security, and scale that the cloud has to offer. But knowing where to begin with all these services can seem overwhelming. 

Read this e-book to build your cloud computing skills quickly and efficiently. You’ll be productive immediately, and when you finish, you’ll be well on your way to Azure mastery. 

Learn more below.


Total votes 5: ↑5 and ↓0 (+5)
Comments: 0

How to Write a Smart Contract with Python on Ontology? Part 5: Native API

Reading time: 3 min
Views: 484

In the previous Python tutorial posts, I have introduced the Ontology Smart Contract in Part 1: Blockchain & Block API, Part 2: Storage API, Part 3: Runtime API, and Part 4: Native API, and described how to use smart contracts for ONT / ONG transfer.

Today we will talk about how to use the Upgrade API to upgrade a smart contract. There are 2 APIs: Destroy and Migrate.
Rating: 0
Comments: 0

Windows Terminal Preview v0.7 Release

Reading time: 3 min
Views: 1.6K
Another release is out for the Windows Terminal preview! This release is labeled as v0.7 in the About section of the Terminal. As always, you can download the Terminal from the Microsoft Store and from the GitHub releases page. Here’s what’s new in this release:

Windows Terminal Updates


Panes


You are now able to split your Terminal window into multiple panes! This allows you to have multiple command prompts open at the same time within the same tab.

Note: At the moment, you’re only able to open your default profile within a new pane. Opening a profile of your choice is an option we’re planning to include in a future release!



Read more below.
Total votes 3: ↑3 and ↓0 (+3)
Comments: 0

Huawei Cloud: It's Cloudy in PVS-Studio Today

Reading time: 10 min
Views: 748

Nowadays everyone knows about cloud services. Many companies have cracked this market segment and created their own cloud services of various purposes. Recently our team has also been interested in these services in terms of integrating the PVS-Studio code analyzer into them. Chances are, our regular readers have already guessed what type of project we will check this time. The choice fell on the code of Huawei cloud services.
Total votes 26: ↑25 and ↓1 (+24)
Comments: 0

Install Powershell Module from Github Repository

Reading time: 2 min
Views: 6.2K
Hi there!

In recent years, PowerShell has started expanding to other platforms and now works on Windows, Linux, and macOS (I even managed to start it on a Raspberry Pi Debian distro).

And nowadays the main way of installing modules is the PowerShell Gallery, but in some situations it is still convenient to install modules directly from the source (the main reason — the main PowerShell modules repo is configured to MyGet or NugetServer).

And it can be painful to install a module from GitHub — you should download the archive, find the modules folder, extract the archive content and then copy the module folder to the PowerShell Profile directory.

Moreover — people like me don't want to create a separate repository for each module (yes, I like the Release-Flow approach), so downloading and extracting only the modules you like is even more difficult.
Total votes 11: ↑11 and ↓0 (+11)
Comments: 0

Cool WSL (Windows Subsystem for Linux) tips and tricks

Reading time: 3 min
Views: 4.4K
It's no secret I dig WSL (Windows Subsystem for Linux) and now that WSL2 is available in Windows Insiders Slow it's a great time to really explore the options that are available. What I'm finding is so interesting about WSL and how it relates to the Windows system around it is how you can cleanly move data between worlds. This isn't an experience you can easily have with full virtual machines, and it speaks to the tight integration of Linux and Windows.

Look at all this cool stuff you can do when you mix your peanut butter and chocolate!

Total votes 5: ↑3 and ↓2 (+1)
Comments: 1

PVS-Studio in the Clouds: GitLab CI/CD

Reading time: 10 min
Views: 1K

This article continues the series of publications on usage of PVS-Studio in cloud systems. This time we'll look at the way the analyzer works along with GitLab CI, which is a product made by GitLab Inc. Static analyzer integration in a CI system allows detecting bugs right after the project build and is a highly effective way to reduce the cost of finding bugs.
Total votes 30: ↑29 and ↓1 (+28)
Comments: 0

Down the Rabbit Hole: A Story of One varnishreload Error — part 1

Reading time: 8 min
Views: 1K

After hitting the keyboard buttons for the past 20 minutes, as if he was typing for his life, ghostinushanka turns to me with a half-mad look in his eyes and a sly smile, “Dude, I think I got it. Look at this” — as he points to one of the characters on screen — “I bet my red hat that if we add what I’ve just sent you here” — as he points to another place in the code — “there will be no error anymore.”

Slightly puzzled and tired I modify the sed expression we’ve been figuring out for some time now, save the file and run systemctl varnish reload. Error message gone…


“Those emails I’ve exchanged with the candidate,” my colleague continues, as his smile changes to a wide and genuine grin, “It suddenly struck me that this is the very same exact problem!”

Total votes 4: ↑3 and ↓1 (+2)
Comments: 0

Datacenter TCP explained

Reading time: 2 min
Views: 3.8K
Modern networking contains a number of improvements over the basic TCP/IP stack. One of these, particularly useful inside the datacenter, was developed by Microsoft Research in 2010 and is called, surprisingly, DataCenter TCP (DCTCP).

DCTCP is a set of modifications to TCP that aims to fulfill two properties:
1. Improve latency for latency-sensitive small messages
2. Not to decrease the throughput for throughput-sensitive big flows
Total votes 6: ↑6 and ↓0 (+6)
Comments: 0